Vulnerability Details : CVE-2010-1901
Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly handle unspecified properties in rich text data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RTF document, aka "Word RTF Parsing Engine Memory Corruption Vulnerability."
Vulnerability category: Memory CorruptionExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-1901
Probability of exploitation activity in the next 30 days: 94.44%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-1901
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2010-1901
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-1901
-
http://www.us-cert.gov/cas/techalerts/TA10-222A.html
Microsoft Updates for Multiple Vulnerabilities | CISAUS Government Resource
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056
Microsoft Security Bulletin MS10-056 - Critical | Microsoft Docs
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11612
Repository / Oval Repository
Products affected by CVE-2010-1901
- cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2002:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2007:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*